(Reuters) - A British regulator on Thursday fined credit reference company Equifax Inc’s (EFX.N) UK arm Equifax Ltd 500,000 pounds for failing to protect the personal information of up to 15 million people in Britain during a 2017 cyber attack.
The Information Commissioner’s Office (ICO) said in a statement its investigation found that, although Equifax systems in the United States were compromised, Equifax Ltd was responsible for the personal information of its customers in Britain.
Equifax did not immediately respond to a request for comment on the fine outside regular business hours.
The cyber attack, which took place between May 13 and July 30 2017 affected 146 million Equifax customers globally, the ICO said.
The British arm of the company failed to take appropriate steps to ensure its American parent company Equifax Inc, which was processing the data on its behalf, was protecting the information, ICO said.
It said the investigation, carried out in parallel with the Financial Conduct Authority, revealed multiple failures at the company, which led to personal information being retained for longer than necessary and vulnerable to unauthorised access.
Reporting by Rishika Chatterjee in Bengaluru; editing by Grant McCool